Topic: Spam accounts bulk creation

[spikeweb]

Hi everybody here,

I use SMF for my photography forum for ... years. For a couple of months, we have massive accounts creation by robots (I guess ?) not passing through the visual captcha identification at the registration page.
What we did to improve filtering was to install Stop Spammer mod which uses the stop spam forum database. This is very convenient as 99,9% of spammers are now blocked.

Nevertheless, we still face that situation where the accounts are created, and we need to purge every day more than 200 accounts. It does not take such a long time, but it is annoying.

Is there any other solution to prevent such accounts creation ? How do the robots can pass through the registration process without being blocked ? Is it possible to filter the register page ?

We use release 1.1.15 and planned to migrate to 2.x within months. URL is http://forum.nikonpassion.com/ [nofollow]

Thanks for your answers and nice WE to all of you

[Illori]

have you looked at the anti-spam mods on the mod site?

[spikeweb]

Yes, and Stop Spammer is one of them.

I tried Bad Behavior but it does not prevent account creation neither.

It's not so much about spamming as we are able to block these fake accounts, but it is about preventing the bots to register.

[Illori]

well there are other mods that may work better for you then what you have now.

[spikeweb]

Which one ?

[Illori]

there are anti-spam verification questions which may do the trick, there is httpbl and many others, just search the mod site pick a few and try them out.

[spikeweb]

already tried these, the fact is that bots do create accounts by adressing the URL with parameters and do not pass through the classic registration process. So, verification question has no use, etc.

seems that 1.x has a real security hole ?

[Illori]

that is not possible, they have to use the form to create an account.

[spikeweb]

would you like any log to check this ?

using Bad Behaviour, is it possible that the registration page is accessed ?

[Illori]

no idea you would have to ask the mod author.

[spikeweb]

Thanks for your answers.

So the fact is it is possible for a bot to create fake accounts in 1.x, and even with the given mods installed, it is still possible.

Any feedback from 2.x users ? Same situation ?

[Illori]

some bots could get by depending on your setup but they would use the registration form anyway they try, but decent anti-spam mods WILL keep them away.

[ricteo]

Hi,
Any solutions to this yet?
I am facing this problem too with more than 300 accounts created everyday!!!
HELP!!!

[Illori]

have you checked the anti-spam mods as was suggested in the last post?

[MrPhil]

If a bot is able to bypass the registration form (and all the verification questions and captchas, etc.), that's definitely an SMF bug. No installed mod should be able to enable a bypass. Everyone signing up should be going through the proper pages.

[Kermit]

If a bot is able to bypass the registration form (and all the verification questions and captchas, etc.), that's definitely an SMF bug. No installed mod should be able to enable a bypass. Everyone signing up should be going through the proper pages.

Bots can be sometimes humans,so in this case there is no way to prevent it

[MrPhil]

The OP made the statement

the fact is that bots do create accounts by adressing the URL with parameters and do not pass through the classic registration process.

If true, SMF has a problem. spikeweb, are you just assuming that bots bypassed the proper registration process (because they got through), or do you have evidence such as host access logs showing this problem?

Bots can sometimes be humans

Sounds like a new term is needed, for organic bots... liveware, wetware, meatware, XYZware?